chore(3p/git): Unvendor git and track patches instead r/2903

This was vendored a long time ago under the expectation that keeping
it in sync with cgit would be easier this way, but it has proven not
to be a big issue.

On the other hand, a vendored copy of git is an annoying maintenance
burden. It is much easier to rebase the single (dottime) patch that we
have.

This removes the vendored copy of git and instead passes the git
source code to cgit via `pkgs.srcOnly`, which includes the applied
patch so that cgit can continue rendering dottime.

Change-Id: If31f62dea7ce688fd1b9050204e9378019775f2b

1 files changed, 0 insertions, 22 deletions

diff --git a/third_party/git/Documentation/RelNotes/2.17.5.txt b/third_party/git/Documentation/RelNotes/2.17.5.txt
deleted file mode 100644
index 2abb821a7397..000000000000
--- a/third_party/git/Documentation/RelNotes/2.17.5.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-Git v2.17.5 Release Notes
-=========================
-
-This release is to address a security issue: CVE-2020-11008
-
-Fixes since v2.17.4
--------------------
-
- * With a crafted URL that contains a newline or empty host, or lacks
-   a scheme, the credential helper machinery can be fooled into
-   providing credential information that is not appropriate for the
-   protocol in use and host being contacted.
-
-   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
-   credentials are not for a host of the attacker's choosing; instead,
-   they are for some unspecified host (based on how the configured
-   credential helper handles an absent "host" parameter).
-
-   The attack has been made impossible by refusing to work with
-   under-specified credential patterns.
-
-Credit for finding the vulnerability goes to Carlo Arenas.